Hackers insert malware into Mistral AI software download



In brief

  • Microsoft said the attackers compromised the download of Mistral AI software used by developers.
  • The malware allegedly steals credentials and can harm some Linux systems.
  • Mistral said it had no evidence its infrastructure was at risk.

Microsoft Threat Intelligence said Monday that attackers inserted malicious code into a Mistral AI software package distributed through PyPI, a popular platform used by software developers to download Python software tools.

In a post on X, Microsoft said the malicious code runs automatically when developers use the software on Linux systems. The code downloaded a second malicious file called Transformers.pyz from a remote server and ran it in the background.

“The file name Transformers.pyz appears to have been intentionally chosen to mimic the widely used Hugging Face Transformers library and be integrated into ML/dev environments,” Microsoft wrote.

The company said the malware is primarily a credential stealer capable of collecting developer login information and access tokens. Microsoft also said the malware avoided Russian-language systems and included code that could randomly delete files on some systems that appeared to be located in Israel or Iran.

Reports link the latest attack to a broader “Shai-Hulud” malware campaign that began in September and targets software supply chains by infecting packages of trusted developers and stealing credentials from compromised systems.

“Shai-Hulud, that scary thing everyone is talking about, has gone open source,” cybersecurity firm VX Underground wrote on X. “What does this mean? TeamPCP, or someone else, has unleashed a fully armed worm on you.”

Microsoft advised organizations to isolate affected Linux systems, block the associated Internet address, look for signs of infection, and replace potentially exposed credentials.
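As an added illustration of the "look for signs of infection" step (this is not code from Microsoft or Mistral), the sketch below hunts for the one indicator this article names, the file name Transformers.pyz, on disk and in running process command lines. The case-insensitive match and the function names are assumptions; the article does not give the package version or the Internet address, so neither is checked.

```python
import os
import zipfile

# Only indicator named in the article; compared case-insensitively (assumption).
IOC_NAME = "transformers.pyz"

def find_pyz_artifacts(root):
    """Return [(path, is_zip_archive)] for files under root named like the indicator."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower() == IOC_NAME:
                path = os.path.join(dirpath, name)
                # A .pyz is normally a Python zip application; record whether this one is.
                hits.append((path, zipfile.is_zipfile(path)))
    return sorted(hits)

def find_running(proc_root="/proc"):
    """Return [(pid, cmdline)] for processes whose command line references the indicator."""
    hits = []
    try:
        entries = os.listdir(proc_root)
    except OSError:
        return hits  # no procfs here (not Linux) or not readable
    for entry in entries:
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                argv = fh.read().split(b"\0")
        except OSError:
            continue  # process exited or access denied
        cmd = " ".join(a.decode("utf-8", "replace") for a in argv if a)
        if IOC_NAME in cmd.lower():
            hits.append((int(entry), cmd))
    return sorted(hits)

if __name__ == "__main__":
    import sys
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "/"
    for path, is_zip in find_pyz_artifacts(scan_root):
        print("file", path, "zip-archive" if is_zip else "not-a-zip")
    for pid, cmd in find_running():
        print("process", pid, cmd)
```

The genuine Hugging Face Transformers library installs as a package directory rather than a single .pyz file, so any hit deserves review; a clean result from a file-name search alone does not rule out infection.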

Mistral said Tuesday on its website that it was affected by a supply chain attack linked to the broader TanStack security incident. The company said an automated worm linked to the attack led to the deployment of compromised NPM and PyPI package versions.

“The current investigation indicates the involvement of an affected developer device,” the company wrote. “We have no indication that Mistral’s infrastructure has been compromised.”

Node Package Manager, or NPM, is one of the world’s largest software download platforms for JavaScript developers. It has increasingly become a target of cryptocurrency-related cyberattacks because many blockchain applications, wallets and trading platforms rely on software distributed through the service. In September, Ledger CTO Charles Guillemet warned that hackers had compromised widely used NPM packages in an attack that could redirect cryptocurrency transactions and steal funds.

“The affected packages have already been downloaded more than a billion times, which means the entire JavaScript ecosystem could be at risk,” Guillemet wrote on X at the time.

Other recent attacks used poisoned NPM packages linked to fake cryptocurrency trading bots and blockchain tools to spread malware through Ethereum smart contracts.
